Tekniikka/Varmenne
< Tekniikka
Siirry navigaatioon
Siirry hakuun
Versio hetkellä 21. lokakuuta 2015 kello 15.30 – tehnyt TUOMALA JUHA 10000350X (keskustelu | muokkaukset) (→Älykortit)
Sisällysluettelo
Älykortit
Varmenteen luku älykortilta vaatii tausta-ajossa pcscd palvelun ja pkcs15-tool ohjelman joka tulee OpenSC pakettien mukana.
Varmenteiden listaus
% pkcs15-tool -c Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00 X.509 Certificate [todentamis- ja salausvarmenne] Object Flags : [0x0] Authority : no Path : 3f004331 ID : 45 Access Rules : read:<always>; Encoded serial : 02 04 3BA8D0D3 X.509 Certificate [allekirjoitusvarmenne] Object Flags : [0x0] Authority : no Path : 3f0050164332 ID : 46 Access Rules : read:<always>; Encoded serial : 02 04 3BA8D0D0 X.509 Certificate [VRK Gov. Root CA] Object Flags : [0x0] Authority : yes Path : 3f004334 ID : 48 Access Rules : read:<always>; Encoded serial : 02 03 0186A0 X.509 Certificate [VRK Gov. CA for Citizen Qualified Certificates] Object Flags : [0x0] Authority : yes Path : 3f004333 ID : 47 Access Rules : read:<always>; Encoded serial : 02 03 018899
Varmenteet on numeroitu ID tunnisteella.
Avaimen luku
$ % pkcs15-tool -r 45 Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00 -----BEGIN CERTIFICATE----- MIIGGDCCBQCgAwIBAgIEO6jQ0zANBgkqhkiG9w0BAQUFADCBoTELMAkGA1UEBhMC RkkxEDAOBgNVBAgTB0ZpbmxhbmQxITAfBgNVBAoTGFZhZXN0b3Jla2lzdGVyaWtl c2t1cyBDQTEkMCIGA1UECxMbVmFsdGlvbiBrYW5zYWxhaXN2YXJtZW50ZWV0MTcw NQYDVQQDEy5WUksgR292LiBDQSBmb3IgQ2l0aXplbiBRdWFsaWZpZWQgQ2VydGlm aWNhdGVzMB4XDTExMDQyOTA5MDUwMVoXDTE2MDQyODIxNTk1OVowYzELMAkGA1UE BhMCRkkxEjAQBgNVBAUTCTEwMDAwMzUwWDENMAsGA1UEKhMESlVIQTEQMA4GA1UE BBMHVFVPTUFMQTEfMB0GA1UEAxMWVFVPTUFMQSBKVUhBIDEwMDAwMzUwWDCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/nA02UmL98mepeTkIgt/z7rsyN RgAelBN9ZiBWk9m/IdVvqbbVpyRTJ02Yt7jRErZM0+vS5H8F7v6Qi3p9RN2H0wIY PuAbw1GBWrLYAuOqVqcEw/EEnwv9nYANid4RZE+bowwNteRiEUxiPoRcR4Z2P4uX Re+jibWi+9iwYNaRygPklInX6dRJHxFZDqft5N2LQQhhzYfAIVAMXjQSx9SF7nYf ZQYAcIwO3jZ4qwoBj7Fp8l/LydLfJwF4+zdI7oIGNWhImqhnzhKPymudqDRyIKvr AS7PAzJgOKupihZa0/mI7oYioCP+3MW/dWb5RtjzeYu9MYeg6tERy85JfE8CAwEA AaOCApMwggKPMAwGA1UdEwEB/wQCMAAwgaEGA1UdIASBmTCBljCBkwYJKoF2hAUB CgIBMIGFMFsGCCsGAQUFBwICME8aTVR1dHVzdHUgdmFybWVubmVwb2xpdGlpa2th YW4gLSBzZSBjZXJ0aWZpa2F0IHBvbGljeSBodHRwOi8vd3d3LmZpbmVpZC5maS9j cHMxMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmZpbmVpZC5maS9jcHMxLzBABggr BgEFBQcBAQQ0MDIwMAYIKwYBBQUHMAKGJGh0dHA6Ly9wcm94eS5maW5laWQuZmkv Y2EvdnJrY3FjLmNydDARBglghkgBhvhCAQEEBAMCBaAwHgYDVR0RBBcwFYETanVo YS50dW9tYWxhQGlraS5maTAOBgNVHQ8BAf8EBAMCBLAwHwYDVR0jBBgwFoAUiFpv HUJHgob91+kNslfPTVAoBBcwggEUBgNVHR8EggELMIIBBzAsoCqgKIYmaHR0cDov L3Byb3h5LmZpbmVpZC5maS9jcmwvdnJrY3FjYy5jcmwwgdaggdOggdCGgc1sZGFw Oi8vbGRhcC5maW5laWQuZmk6Mzg5L2NuJTNkVlJLJTIwR292LiUyMENBJTIwZm9y JTIwQ2l0aXplbiUyMFF1YWxpZmllZCUyMENlcnRpZmljYXRlcyxvdSUzZFZhbHRp b24lMjBrYW5zYWxhaXN2YXJtZW50ZWV0LG8lM2RWYWVzdG9yZWtpc3RlcmlrZXNr dXMlMjBDQSxkbWROYW1lJTNkRklORUlELGMlM2RGST9jZXJ0aWZpY2F0ZVJldm9j YXRpb25MaXN0MB0GA1UdDgQWBBTrpBk34icBaeKiLEjzSFSCEDR8DzANBgkqhkiG 9w0BAQUFAAOCAQEAQmmsPALeREmd0dZW9FF9uqai7bTyfmd3hX8cgmwSJmpP58cs kaQMZ4DL9Uo3pO7AU3Io0JQeUc7JC40ecpxAecHqdUcbpKBZfxFfyQ5Evu/OMwGp +ClDlpgdUnl0dRq96LhX/BE3+qgn3aMJJfqfNuPugsOfN81SlH2K+GChgf1xcqRc SfSKRTecIv00GHjJzyRRJfMr60/XQwq8wr29yZXHB6s0lF64iv1m/p25F6QomyXi 1dsX/OJ7PodAN2BdTYGgmxl+JYxQlBD7Pj8fd2bgLktV65fs9/NEzaGGB+fLd5O+ naSLIrzqeBIOAom2m5It1LXCgfII6n9ZeIb6cQ== -----END CERTIFICATE-----
Tulosteen voi myös ohjata suodaan tiedostoon:
openssl -r 45 > juha.tuomala.vrk.pem
Avaimen tulostus ihmisen luettavaksi
% pkcs15-tool -r 45| openssl x509 -text -noout Using reader with a card: Gemalto PC Twin Reader (DF244A22) 00 00 Certificate: Data: Version: 3 (0x2) Serial Number: 1000919251 (0x3ba8d0d3) Signature Algorithm: sha1WithRSAEncryption Issuer: C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Valtion kansalaisvarmenteet, CN=VRK Gov. CA for Citizen Qualified Certificates Validity Not Before: Apr 29 09:05:01 2011 GMT Not After : Apr 28 21:59:59 2016 GMT Subject: C=FI/serialNumber=10000350X, GN=JUHA, SN=TUOMALA, CN=TUOMALA JUHA 10000350X Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:af:e7:03:4d:94:98:bf:7c:99:ea:5e:4e:42:20: b7:fc:fb:ae:cc:8d:46:00:1e:94:13:7d:66:20:56: 93:d9:bf:21:d5:6f:a9:b6:d5:a7:24:53:27:4d:98: b7:b8:d1:12:b6:4c:d3:eb:d2:e4:7f:05:ee:fe:90: 8b:7a:7d:44:dd:87:d3:02:18:3e:e0:1b:c3:51:81: 5a:b2:d8:02:e3:aa:56:a7:04:c3:f1:04:9f:0b:fd: 9d:80:0d:89:de:11:64:4f:9b:a3:0c:0d:b5:e4:62: 11:4c:62:3e:84:5c:47:86:76:3f:8b:97:45:ef:a3: 89:b5:a2:fb:d8:b0:60:d6:91:ca:03:e4:94:89:d7: e9:d4:49:1f:11:59:0e:a7:ed:e4:dd:8b:41:08:61: cd:87:c0:21:50:0c:5e:34:12:c7:d4:85:ee:76:1f: 65:06:00:70:8c:0e:de:36:78:ab:0a:01:8f:b1:69: f2:5f:cb:c9:d2:df:27:01:78:fb:37:48:ee:82:06: 35:68:48:9a:a8:67:ce:12:8f:ca:6b:9d:a8:34:72: 20:ab:eb:01:2e:cf:03:32:60:38:ab:a9:8a:16:5a: d3:f9:88:ee:86:22:a0:23:fe:dc:c5:bf:75:66:f9: 46:d8:f3:79:8b:bd:31:87:a0:ea:d1:11:cb:ce:49: 7c:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Certificate Policies: Policy: 1.2.246.517.1.10.2.1 User Notice: Explicit Text: Tutustu varmennepolitiikkaan - se certifikat policy http://www.fineid.fi/cps1 CPS: http://www.fineid.fi/cps1/ Authority Information Access: CA Issuers - URI:http://proxy.fineid.fi/ca/vrkcqc.crt Netscape Cert Type: SSL Client, S/MIME X509v3 Subject Alternative Name: email:juha.tuomala@iki.fi X509v3 Key Usage: critical Digital Signature, Key Encipherment, Data Encipherment X509v3 Authority Key Identifier: keyid:88:5A:6F:1D:42:47:82:86:FD:D7:E9:0D:B2:57:CF:4D:50:28:04:17 X509v3 CRL Distribution Points: Full Name: URI:http://proxy.fineid.fi/crl/vrkcqcc.crl Full Name: URI:ldap://ldap.fineid.fi:389/cn%3dVRK%20Gov.%20CA%20for%20Citizen%20Qualified%20Certificates,ou%3dValtion%20kansalaisvarmenteet,o%3dVaestorekisterikeskus%20CA,dmdName%3dFINEID,c%3dFI?certificateRevocationList X509v3 Subject Key Identifier: EB:A4:19:37:E2:27:01:69:E2:A2:2C:48:F3:48:54:82:10:34:7C:0F Signature Algorithm: sha1WithRSAEncryption 42:69:ac:3c:02:de:44:49:9d:d1:d6:56:f4:51:7d:ba:a6:a2: ed:b4:f2:7e:67:77:85:7f:1c:82:6c:12:26:6a:4f:e7:c7:2c: 91:a4:0c:67:80:cb:f5:4a:37:a4:ee:c0:53:72:28:d0:94:1e: 51:ce:c9:0b:8d:1e:72:9c:40:79:c1:ea:75:47:1b:a4:a0:59: 7f:11:5f:c9:0e:44:be:ef:ce:33:01:a9:f8:29:43:96:98:1d: 52:79:74:75:1a:bd:e8:b8:57:fc:11:37:fa:a8:27:dd:a3:09: 25:fa:9f:36:e3:ee:82:c3:9f:37:cd:52:94:7d:8a:f8:60:a1: 81:fd:71:72:a4:5c:49:f4:8a:45:37:9c:22:fd:34:18:78:c9: cf:24:51:25:f3:2b:eb:4f:d7:43:0a:bc:c2:bd:bd:c9:95:c7: 07:ab:34:94:5e:b8:8a:fd:66:fe:9d:b9:17:a4:28:9b:25:e2: d5:db:17:fc:e2:7b:3e:87:40:37:60:5d:4d:81:a0:9b:19:7e: 25:8c:50:94:10:fb:3e:3f:1f:77:66:e0:2e:4b:55:eb:97:ec: f7:f3:44:cd:a1:86:07:e7:cb:77:93:be:9d:a4:8b:22:bc:ea: 78:12:0e:02:89:b6:9b:92:2d:d4:b5:c2:81:f2:08:ea:7f:59: 78:86:fa:71